Social engineering

Simply put, the art of deception employed by online crooks to get their hands on your money is what the term social engineering generally refers to. Popularized by hacker-turned-consultant, Kevin Mitnick, the term covers a scope of tricks cybercriminals use into making people do something they do not want to like giving out sensitive personal information. The driving force behind this, of course, is profit.

Background

Socially-engineered threats are, in fact, harder to protect yourself against as these mainly target you, the online user, and not just the vulnerabilities of your system. The simplest, and yet, most effective way to protect yourself from threats as such is to be well-informed on what to stay away from and what to be careful of.

The Evolution of Social Attacks

Driven by its goals to gain profit from online users, digital threats have essentially evolved and developed through the years. Cybercriminals placed importance on crafting more sophisticated ways to lure online users into trusting them with their sensitive data. Socially- engineered attacks have gone leaps and bounds in terms of the sophistication of technologies employed.

WEB THREAT ERA.Motivated hugely by profit, cybercriminals have significantly upped their methods to draw sensitive information from online users for monetary gain. In 2004, BANCOS, a Trojan-type malware, performed illegal online banking by logging keystrokes. 2006 then saw the rise of THE ITALIAN JOB, which compromised legitimate websites through malicious HTML and backdoor attacks. Another Trojan-type malware named Zeus was discovered in 2007 that milked money out of stealing information while FAKEAV spread fast in 2008 with significant increases found through spam reports.

SOCIAL ATTACKS ERA. 2008 was the breakout of social attacks generated by cybercriminals for sabotage and profit. With identified targets, platform-based attacks were directed to home users, small businesses and large-scale organizations effecting intellectual property theft an major financial loss. Largely, online crooks have devised ways to attack web users with the use of social networking sites like Facebook and Twitter.

In 2008, Facebook users became target to worm-type malware attack KOOBFACE. Twitter then became a goldmine for cybercriminals in 2009 spreading malicious links that were found to carry Trojan.

How Social Engineering Works

Cybercriminals are well-aware of the opportunities to strike. Usually, they ride the wave of current issues and events that peak public interest. In the past, several socially-engineered attacks have been detected taking advantage of different kinds of news that grab the attention of online users.

BIG NEWS

To a cybercriminal, generating interest of the online public is easy by baiting them with buzz-worthy news like national disasters to even the most anticipated product or service launches. The March 2011 tsunami in Japan has immediately called for cybercriminals to create fake news sites hosting FAKEAV malware giving online users more than the updates they were looking for. The breakout news of the release of Apple iPad has also prompted several giveaway promos that tricked victims into providing and validating personal information via electronic mail.

WHAT YOU SEE: Social media posts with links to photos or photos connected to big news

WHAT IS HIDDEN FROM YOU: The minute the news on any big event hits the fan, cybercriminals are always ready to pounce and take advantage of the opportunity. Malware-infested sites that catch your interest can automatically cause damage to your system in just one click. Often, they redirect you to surveys or ads without leading you to the page they actually promised.

WHAT YOU SHOULD STAY AWAY FROM: Malicious links to leading to fake news sites

CELEBRITY GOSSIP

Gossips, scandals and news on the death of celebrities are sure to gain the most interest once it reaches public consciousness. From fans or followers, to even the most casual of observers, news on familiar names in the entertainment scene has tremendously been used by cybercriminals to plant the seeds of their attacks. The phenomenal career of Justin Bieber has made fans and haters out of online readers. It can be remembered that a social media post attached with a video that “just ended his career” elicited clicks that led to survey sites. Picking up from the global news of the death of the King of Pop, events related to the passing of singer Michael Jackson has lured victims to download a malware spread through MSN Messenger disguised as an image. Alarming news on deaths of celebrities have also become attack points exploited by cybercriminals. Fake news sites that redirect victims to malicious online portals have used the popularity of Jackie Chan, Lady Gaga, and the like.

WHAT YOU SEE: Attention-grabbing headlines that promise the most scandalous of revelations on the most famous celebrities

WHAT IS HIDDEN FROM YOU: Riding the media hype, these links often lead to specially-crafted malicious sites. Like any other scams in the guise of the most incredible news on these known personalities, these sites often contain malware that redirect victims to survey and ad sites

WHAT YOU SHOULD STAY AWAY FROM: Promises of the most noteworthy of news with links to related videos or photos

SEASONS

From the most widely-celebrated holidays to the biggest sporting events, cybercriminals often have a grasp of what will easily bait online users into giving in to their attacks. We can therefore assume that as we usher in the Christmas season or anticipate the next Super Bowl, cybercriminals are already planning their next big attack. A scam page using Facebook as a platform has offered victims free Christmas-themed plugins that made accounts susceptible to hijacking for spamming purposes. For online updates seekers checking in on news on the Super Bowl, they were instead redirected to FAKEAV-hosting sites.

WHAT YOU SEE: Suspicious spam and social media posts containing unbelievable offers in time for the holidays or popular sporting events

WHAT IS HIDDEN FROM YOU: Malicious sites are tailor-made to match the current season embedded with links that either host malware of redirect to survey or ad sites and never to the promised freebies or offers.

WHAT YOU SHOULD STAY AWAY FROM: Online deals that are often too good to be true

SOCIAL MEDIA SCAMS

As we live in the age of social media, cybercriminals have identified it largely as a goldmine for soliciting information that will enable them to milk profit out of victims. Social networking fraud, making full use of the social media platforms have become the norm. Timely offerings like a recorded Facebook post lured online users to a Valentine theme that forced victims to download and install a malicious extension for web browsers like Chrome and Firefox. A malicious Twitter app that promised a detailed monitoring of follower activities has also given a free pass for bad guys to hijack into their accounts.

WHAT YOU SEE: A number of posts bannering new features in several social media platforms made available for a limited amounts of time often came with suspicious codes that must be copied and pasted onto browser address bars or apps that must be downloaded and installed to enjoy promised “new features”

WHAT IS HIDDEN FROM YOU: These codes, suspicious as they are, lure users to malicious pages tailored to infiltrate their accounts therefore making it vulnerable to stolen information and system infections.

WHAT YOU SHOULD STAY AWAY FROM: Suspicious links to feature- or app-download sites

SCARY PROPOSITIONS

Cybercriminals recognize how imposing fear can turn even the smartest online user into a victim. Making full use of alarmist language, crooks have found a way to urge netizens to give in to their ploys to steal essential information. In Russia, several online users were threatened into paying an fine amounting to US$15 using fake citations for viewing inappropriate content. FAKEAV vendors, on the other hand, tricked victims into buying useless applications by planting scary system infection warnings.

WHAT YOU SEE: Suspicious emails are often disguised as urgent notifications that often talk about sensitive matters like system and financial safety. These often required immediate action like viewing an attachment, buying an application or making an online purchase

WHAT IS HIDDEN FROM YOU: Like a common crook, these online attackers often wait for unaware online users to fall as victims

WHAT YOU SHOULD STAY AWAY FROM: Fearful email subjects with content asking you to act on something

How to protect yourself from socially-engineered attacks?

The biggest armor one can use against social engineering tactics employed by online crooks nowadays is to be well-informed of the many ways a cybercriminal could take advantage of your social media vulnerability. More than the usual consequences on falling prey into spamming, phishing attacks, and malware infections, the challenge posed by cybercriminals is having a firm grasp and understanding on keeping your data private.

These simple steps are key to keeping your account safe from social engineering attacks.